Yahoo exec grills NSA director over ‘backdoor’ access to private data

Yahoo’s chief information-security officer attacked the NSA's director over building “backdoors” to allow government spying on selected users. Mike Rogers defended the practice, saying it should be done within a “legal framework.”

“It sounds like you agree with [Federal Bureau of
Investigation Director James] Comey that we should be building
defects into the encryption in our products so that the US
government can decrypt,” Yahoo’s chief information-security
officer, Alex Stamos, said during the 'Cybersecurity for a New
America: Big Ideas and New Voices' conference.

The Just Security blog published the full transcript of the
exchange, which can be viewed here.

“If we’re going to build defects/backdoors or golden master
keys for the US government, do you believe we should do so — we
have about 1.3 billion users around the world — should we do for
the Chinese government, the Russian government, the Saudi Arabian
government, the Israeli government, the French government? Which
of those countries should we give backdoors to?” Stamos
asked.

Rogers ignored the question and veered off topic by discussing
the feasibility of creating a way for the NSA to gain access to
encrypted information.

“My position is — hey look, I think that we’re lying that
this isn’t technically feasible. Now, it needs to be done within
a framework. I’m the first to acknowledge that. You don’t want
the FBI and you don’t want the NSA unilaterally deciding, so,
what are we going to access and what are we not going to access?
That shouldn’t be for us. I just believe that this is
achievable,” Rogers said.

During the question-and-answer period, Rogers tried to reassure
everyone that backdoor access to data held by US companies is not
harmful to privacy and does not have to compromise encryption.

“‘Backdoor’ is not the context I would use, because when I
hear the phrase ‘backdoor’ I think: ‘Well this is kind of shady,
why wouldn’t you want to go in the front door, be very
public?’” Rogers said. “We can create a legal framework
for how we do this.”

Washington has been fighting off criticism from other tech firms
about its attempts to gain access to private user data. Just over
a week ago, Apple chief executive Tim Cook criticized the White
House Summit on Cybersecurity and Consumer Protection at Stanford
University, stating that people in “positions of
responsibility” must work to protect privacy, not steal it.

On February 13, US President Barack Obama appeared at Stanford
University, urging the nation’s top tech companies to endorse the
administration’s plan for enhanced cybersecurity.

The address came in the wake of a series of damning attacks that
have crippled the networks and systems of private businesses in
recent months – including those of Target, Home Depot, and Sony
Pictures Entertainment.